annoyed: coolpics.net problem

Discussion in 'malware problems & news' started by annoyed, May 15, 2007.

Thread Status:
Not open for further replies.
  1. annoyed

    annoyed Registered Member

    Joined:
    May 15, 2007
    Posts:
    1
    Re: Yahoo IM coolpics.net problem!!!

I'm having the same problem and it's not going away even after I run the BFU thing. My log is:
    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\outlook\p.zip
    C:\Program Files\outlook\v.tmp
    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup.\msconfig.exe
    C:\WINDOWS\system32\bszip.dll
    C:\WINDOWS\system32\cmd.com
    C:\WINDOWS\system32\netstat.com
    C:\WINDOWS\system32\ping.com
    C:\WINDOWS\system32\regedit.com
    C:\WINDOWS\system32\taskkill.com
    C:\WINDOWS\system32\tasklist.com
    C:\WINDOWS\system32\tracert.com
    C:\WINDOWS\lsass.exe
    C:\WINDOWS\system\svchost.exe
    C:\Program Files\outlook


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-15 ))))))))))))))))))))))))))))))))))


    2007-05-26 13:39 <DIR> d-------- C:\Program Files\Google
    2007-05-14 23:00 <DIR> d-------- C:\BFU
    2007-05-14 21:09 <DIR> d-------- C:\DOCUME~1\DRSOUN~1\.housecall6.6
    2007-05-14 20:43 81,024 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
    2007-05-14 20:43 105,856 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
    2007-05-14 20:42 67,784 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
    2007-05-14 20:41 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2007-05-14 20:41 <DIR> d-------- C:\Program Files\MSXML 4.0
    2007-05-14 19:45 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
    2007-05-14 19:08 <DIR> d-------- C:\Program Files\Common Files\Scanner
    2007-05-11 12:50 <DIR> d-------- C:\DOCUME~1\DRSOUN~1\APPLIC~1\vlc
    2007-05-11 12:22 <DIR> d-------- C:\DOCUME~1\DRSOUN~1\APPLIC~1\dvdcss
    2007-05-11 12:20 107,520 -rahs---- C:\WINDOWS\system\lsass.exe
    2007-05-11 12:20 107,520 --------- C:\New Folder.exe
    2007-05-11 11:47 <DIR> d-------- C:\DECCHECK
    2007-05-11 11:37 <DIR> d-------- C:\DOCUME~1\DRSOUN~1\APPLIC~1\CyberLink
    2007-05-11 00:19 <DIR> d-------- C:\DOCUME~1\DRSOUN~1\APPLIC~1\MoyeaFLV2Video
    2007-05-11 00:01 448,512 --a------ C:\WINDOWS\system32\avformat-50.dll
    2007-05-11 00:01 3,345,408 --a------ C:\WINDOWS\system32\avcodec-51.dll
    2007-05-11 00:01 19,968 --a------ C:\WINDOWS\system32\avutil-49.dll
    2007-05-11 00:01 <DIR> d-------- C:\Program Files\Common Files\Eltima Shared
    2007-05-11 00:01 <DIR> d-------- C:\DOCUME~1\DRSOUN~1\APPLIC~1\Eltima Software
    2007-05-10 23:51 <DIR> d-------- C:\WINDOWS\FLV Player
    2007-05-10 20:32 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
    2007-05-10 20:32 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
    2007-05-10 20:32 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2007-05-10 20:32 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
    2007-05-10 20:32 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
    2007-05-10 20:32 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
    2007-05-10 20:32 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
    2007-05-10 20:32 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2007-05-07 22:07 348,160 --a------ C:\WINDOWS\system32\eSellerateEngine.dll
    2007-05-07 11:32 97,280 --a------ C:\WINDOWS\system32\CNMLM3y.DLL
    2007-05-07 11:32 5,632 --a------ C:\WINDOWS\system32\CNMVS3y.DLL
    2007-05-07 11:32 36,864 --a------ C:\WINDOWS\system32\CNMCP3Y.EXE
    2007-05-07 11:32 <DIR> d--h----- C:\BJPrinter
    2007-05-07 11:30 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2007-05-05 13:29 <DIR> d-------- C:\Program Files\HP
    2007-05-05 13:29 <DIR> d-------- C:\DOCUME~1\DRSOUN~1\APPLIC~1\HP
    2007-05-03 22:36 <DIR> d-------- C:\DOCUME~1\DRSOUN~1\APPLIC~1\Symantec
    2007-05-03 22:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    2007-05-03 22:33 <DIR> d--hs---- C:\DOCUME~1\DRSOUN~1\Complete
    2007-05-03 10:23 <DIR> d-------- C:\Program Files\Common Files\BOONTY Shared
    2007-05-03 10:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
    2007-05-02 21:21 <DIR> d-------- C:\DOCUME~1\DRSOUN~1\Contacts
    2007-05-02 21:20 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-05-02 21:20 <DIR> d-------- C:\Program Files\MSN Messenger
    2007-05-01 18:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap
    2007-05-01 18:03 <DIR> d-------- C:\Program Files\PopCap Games
    2007-05-01 10:59 <DIR> d-------- C:\Program Files\BoontyGames
    2007-05-01 10:58 <DIR> d-------- C:\Program Files\Boonty
    2007-04-30 22:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2007-04-28 12:40 <DIR> d-------- C:\DOCUME~1\DRSOUN~1\APPLIC~1\Help
    2007-04-27 17:31 <DIR> d-------- C:\WINDOWS\system32\appmgmt
    2007-04-27 17:22 <DIR> d-------- C:\DOCUME~1\DRSOUN~1\APPLIC~1\Jasc
    2007-04-26 21:25 41 ---h----- C:\WINDOWS\dsez0081.dat
    2007-04-26 11:37 <DIR> d-------- C:\DOCUME~1\DRSOUN~1\APPLIC~1\Image Zone Express
    2007-04-22 10:23 <DIR> d-------- C:\DOCUME~1\DRSOUN~1\APPLIC~1\AdobeUM
    2007-04-22 10:22 <DIR> d-------- C:\DOCUME~1\DRSOUN~1\APPLIC~1\Opera
    2007-04-21 16:42 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2007-04-21 16:42 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-04-20 23:53 <DIR> d-------- C:\DOCUME~1\DRSOUN~1\Incomplete
    2007-04-20 23:44 <DIR> d-------- C:\DOCUME~1\DRSOUN~1\.limewire
    2007-04-20 21:59 <DIR> d-------- C:\temp
    2007-04-20 21:52 <DIR> dr-h----- C:\DOCUME~1\DRSOUN~1\APPLIC~1\yahoo!
    2007-04-20 21:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    2007-04-20 21:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo!
    2007-04-20 21:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    2007-04-20 20:36 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2007-04-20 20:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
    2007-04-20 20:27 <DIR> d--hs---- C:\RECYCLER
    2007-04-20 19:02 0 --a------ C:\WINDOWS\nsreg.dat
    2007-04-20 19:01 2,925 --a------ C:\WINDOWS\mozver.dat
    2007-04-20 19:01 107,132 --a------ C:\WINDOWS\UninstallFirefox.exe
    2007-04-20 19:01 <DIR> d---s---- C:\DOCUME~1\DRSOUN~1\UserData
    2007-04-15 01:37 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2007-04-15 01:36 74,240 --a------ C:\WINDOWS\system32\usbui.dll
    2007-04-15 01:36 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
    2007-04-15 01:36 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2007-04-15 01:36 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
    2007-04-15 01:35 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
    2007-04-15 01:35 9,008 --a------ C:\WINDOWS\system\VER.DLL
    2007-04-15 01:35 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
    2007-04-15 01:35 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
    2007-04-15 01:35 8,704 --a------ C:\WINDOWS\system32\batt.dll
    2007-04-15 01:35 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
    2007-04-15 01:35 74,752 --a------ C:\WINDOWS\system32\storprop.dll
    2007-04-15 01:35 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
    2007-04-15 01:35 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
    2007-04-15 01:35 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
    2007-04-15 01:35 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
    2007-04-15 01:35 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
    2007-04-15 01:35 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
    2007-04-15 01:35 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
    2007-04-15 01:35 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
    2007-04-15 01:35 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
    2007-04-15 01:35 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
    2007-04-15 01:35 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
    2007-04-15 01:35 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
    2007-04-15 01:35 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
    2007-04-15 01:35 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
    2007-04-15 01:35 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
    2007-04-15 01:35 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
    2007-04-15 01:35 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
    2007-04-15 01:35 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
    2007-04-15 01:35 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
    2007-04-15 01:35 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
    2007-04-15 01:35 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
    2007-04-15 01:35 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
    2007-04-15 01:35 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
    2007-04-15 01:35 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
    2007-04-15 01:35 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
    2007-04-15 01:35 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
    2007-04-15 01:35 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
    2007-04-15 01:35 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
    2007-04-15 01:35 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
    2007-04-15 01:35 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
    2007-04-15 01:35 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
    2007-04-15 01:35 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
    2007-04-15 01:35 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
    2007-04-15 01:35 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
    2007-04-15 01:35 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
    2007-04-15 01:35 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
    2007-04-15 01:35 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
    2007-04-15 01:35 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
    2007-04-15 01:35 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
    2007-04-15 01:35 13,312 --a------ C:\WINDOWS\system32\irclass.dll
    2007-04-15 01:35 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
    2007-04-15 01:35 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
    2007-04-15 01:35 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
    2007-04-15 01:35 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
    2007-04-15 01:35 <DIR> dr------- C:\Program Files
    2007-04-15 01:35 <DIR> d--hs---- C:\WINDOWS\Installer
    2007-04-15 01:35 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
    2007-04-15 01:35 <DIR> d-------- C:\Program Files\Common Files\ODBC
    2007-04-15 01:34 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
    2007-04-15 01:34 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
    2007-04-15 01:34 <DIR> d-------- C:\WINDOWS\system32\CatRoot
    2007-04-15 01:34 <DIR> d-------- C:\Documents and Settings
    2007-04-15 01:32 <DIR> d--hs---- C:\System Volume Information
    2007-04-15 01:29 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
    2007-04-15 01:29 <DIR> dr--s---- C:\WINDOWS\Fonts
    2007-04-15 01:29 <DIR> dr------- C:\WINDOWS\Web
    2007-04-15 01:29 <DIR> d--hs---- C:\WINDOWS\system32
    2007-04-15 01:29 <DIR> d--h----- C:\WINDOWS\inf
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\WinSxS
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\twain_32
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\wins
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\wbem
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\usmt
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\spool
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\ShellExt
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\Setup
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\ras
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\oobe
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\npp
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\mui
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\inetsrv
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\IME
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\icsxml
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\ias
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\export
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\drivers
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\dhcp
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\config
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\3076
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\2052
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\1054
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\1042
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\1041
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\1037
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\1033
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\1031
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\1028
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system32\1025
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\system
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\security
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\Resources
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\repair
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\Provisioning
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\PeerNet
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\pchealth
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\mui
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\msapps
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\msagent
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\Media
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\ime
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\Help
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\ehome
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\Driver Cache
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\Debug
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\Cursors
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\Connection Wizard
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\Config
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\AppPatch
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS\addins
    2007-04-15 01:29 <DIR> d-------- C:\WINDOWS


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-04-20 16:07:47 -------- d-----w C:\Program Files\Yahoo!
    2007-04-14 15:36:42 -------- d-----w C:\DOCUME~1\DRSOUN~1\APPLIC~1\Ahead
    2007-04-14 15:36:02 -------- d-----w C:\Program Files\Ahead
    2007-04-14 15:35:57 -------- d-----w C:\Program Files\Common Files\Ahead
    2007-04-14 15:31:09 -------- d-----w C:\Program Files\Winamp
    2007-04-14 15:31:05 -------- d-----w C:\Program Files\Mjuice Media Player
    2007-04-14 15:31:04 88,064 ----a-w C:\WINDOWS\system32\AudioExCtl.dll
    2007-04-14 15:27:19 -------- d-----w C:\Program Files\Microsoft ActiveSync
    2007-04-14 15:26:28 -------- d-----w C:\Program Files\Common Files\L&H
    2007-04-14 15:12:10 -------- d-----w C:\Program Files\Realtek
    2007-04-14 15:11:11 81,920 ------w C:\WINDOWS\ALCFDRTM.EXE
    2007-04-14 15:09:10 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-04-14 15:09:04 -------- d-----w C:\Program Files\Common Files\InstallShield
    2007-04-14 14:59:42 -------- d-----w C:\Program Files\Intel
    2007-04-14 14:43:45 -------- d-----w C:\Program Files\microsoft frontpage
    2007-04-14 14:43:27 0 --sha-r C:\MSDOS.SYS
    2007-04-14 14:43:27 0 --sha-r C:\IO.SYS
    2007-04-14 14:43:27 0 ----a-w C:\CONFIG.SYS
    2007-04-14 14:43:27 0 ----a-w C:\AUTOEXEC.BAT
    2007-04-14 14:42:12 -------- d--h--w C:\Program Files\WindowsUpdate
    2007-04-14 14:42:08 -------- d-----w C:\Program Files\Online Services
    2007-04-14 14:41:26 -------- d-----w C:\Program Files\Common Files\MSSoap
    2007-04-14 14:41:18 -------- d-----w C:\Program Files\Movie Maker
    2007-04-14 14:40:32 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
    2007-04-14 14:40:07 -------- d-----w C:\Program Files\Messenger
    2007-04-14 14:40:03 -------- d-----w C:\Program Files\MSN Gaming Zone
    2007-04-14 14:39:55 -------- d-----w C:\Program Files\Windows NT


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 20:12]
    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 15:29]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe"
    "SoundMan"="SOUNDMAN.EXE"
    "AlcWzrd"="ALCWZRD.EXE"
    "Alcmtr"="ALCMTR.EXE"
    "NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
    "googletalk"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart"
    "OneCareUI"="\"C:\\Program Files\\Microsoft Windows OneCare Live\\winssnotify.exe\""
    "Task Manager"="C:\\WINDOWS\\system\\svchost.exe"
    "Yahoo Messenger"="C:\\WINDOWS\\system\\svchost32.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 11:09]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 11:06]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 11:10]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe])
    "SoundMan"="SOUNDMAN.EXE" [])
    "AlcWzrd"="ALCWZRD.EXE" [])
    "Alcmtr"="ALCMTR.EXE" [])
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
    "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 02:52]
    "OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-04-02 09:27]
    "Task Manager"="C:\WINDOWS\system\svchost.exe" []
    "Yahoo Messenger"="C:\WINDOWS\system\svchost32.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 10:24]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=dword:00000001
    "DisableTaskMgr"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoFolderOptions"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFolderOptions"=dword:00000001
    "NoRun"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages msv1_0\0\0
    Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages scecli\0\0

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\OneCareMP




    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter HTTPFilter\0\0
    LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService DnsCache\0\0
    DcomLaunch DcomLaunch\0TermService\0\0
    rpcss RpcSs\0\0
    imgsvc StiSvc\0\0
    termsvcs TermService\0\0

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job
    C:\WINDOWS\tasks\MP Scheduled Signature Update.job

    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-15 10:08:30
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    ********************************************************************

    Completion time: 2007-05-15 10:09:27
    C:\ComboFix-quarantined-files.txt ... 2007-05-15 10:09
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    I actually see no reason why my BFU script would not have worked.

    Please follow these instructions:
    Download Brute Force Uninstaller to your desktop.
    • Right click the BFU folder on your desktop, and choose Extract All
    • Click "Next"
    • In the box to choose where to extract the files to,
    • Click "Browse"
    • Click on the + sign next to "My Computer"
    • Click on "Local Disk (C:)" or whatever your primary drive is
    • Click "Make New Folder"
    • Type in BFU
    • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
    RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Coolpics Remover.
    Save it in the same folder you made earlier (c:\BFU).

    Then, please go to Start > My Computer and navigate to the C:\BFU folder.
    • Start the Brute Force Uninstaller by double-clicking BFU.exe
    • Behind the scriptline to execute field click the folder icon http://metallica.geekstogo.com/foldericon.png and select coolpics.bfu
    • Put a checkmark in the "Show log after script ends"
    • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
    • Wait for the complete script execution box to pop up and press OK.
    • Post the BFU log.
    • Press exit to terminate the BFU program.
    Reboot your computer and post a new Combofix log.

    Regards,

    Pieter
     